Safety and continuity

At Comrads, we know that security is critical. Protecting your privacy is therefore our top priority and the reason why we adopt and adhere to the best industry standards. Comrads is ISO/IEC 27001:2013 certified and meets the requirements and standards of the GDPR. Comrads takes strict precautionary, technical and organizational security measures to ensure a high level of security to protect your data and files from unauthorized or unlawful access.

Last BSI audit certification:
December 12, 2023

Hosting and storage

Secure and scalable cloud storage

All customer applications and modules at Comrads run exclusively within the EEA on private cloud servers provided by Amazon Web Services (AWS), our trusted business partner with a global network of high-performance data centres. These are secured with access protocols, biometric scan profiles and 24/7 surveillance and monitoring.

Physical security

Authorized access only

AWS' data servers are designed to minimize the impact of global operational disruptions. In addition, AWS data centers are staffed 24/7 by specially trained security guards, secured by CCTV cameras and biometric access controls. Authorized access is granted on a need-to-know basis.

Availability

Always safely accessible

Comrads offers scalable SaaS solutions that are accessible 24/7 worldwide through a web browser, so there is no need to install anything on your own servers. Access is governed by a strict role-based access control (RBAC) system: every request for access to your stored information is verified via profiles, which ensures that your assets are securely available at all times.

Server and application security

Standard alone is not enough

All of Comrads' private cloud servers are effectively secured and encrypted. In addition to the standard AWS Shield service, a managed Distributed Denial of Service (DDoS) protection, Comrads implements the full-stack server and application security services AWS Inspector, AWS GuardDuty, AWS CloudWatch and Bitninja Fullstack Security. Together, these services guarantee a high level of security against attacks and threats.


Comrads full-stack server and application security


Application access

Users can access Comrads' applications globally and 24/7 with a browser and an internet connection. All traffic to and from the Comrads applications uses only a secure HTTPS connection, so all data (including usernames and passwords) is transferred through an encrypted connection. Furthermore, the customer applications can be made accessible only from specific IP addresses. Comrads also supports Single Sign-On (SSO) to give (internal) users secure access with just one set of login details.

Server access

Administrative access to all of our servers at AWS is limited to authorized Comrads employees, who connect only from the Comrads office or remotely via the Comrads VPN, using the SSH and MySQL protocols. In principle, each client has its own server within Comrads' standard VPC. It is not possible to 'hop' from one server to another within the same VPC; this is prevented by means of an IP restriction.

Network security

The Comrads network is protected by firewalls and virus scanners that are maintained with regular upgrades and patches. Remote access to Comrads' network is only possible through our VPN. In addition, all workstations are secured and protected by the latest Endpoint Security software from ESET.

Backups

If for any reason you should lose or damage some files, a full backup is always available. Our software protects the countless hours and resources you've invested in creating and managing your assets and (meta)data by making incremental and full backups. In the event of a failure or incident, we can perform an immediate backup restore.

Staff

All our employees are trained in and aware of the applicable safety standards. To this end, Comrads regularly organizes training and awareness sessions for all new and existing employees. These sessions include personal conversations, (online) tech sessions and awareness meetings that ensure that security documentation is read and understood. New employees are also always screened.

Suppliers

To ensure our high level of security across the board, supply chain responsibility plays an important role. This means that Comrads only chooses or allows business partners and suppliers that can offer at least the same level of security, or that can meet Comrads' requirements. Contractual arrangements are made with each partner; data processing agreements and confidentiality are minimum requirements. Within the procedures of our ISO/IEC 27001:2013 management system, all our partners are regularly checked.